Google’s Initiative: FIDO2 is now Quantum Resilient

Google introduced the first security critical implementation resilient to quantum attacks as part of its OpenSK security keys initiative. This open-source hardware solution uses a unique combination of ECC/Dilithium hybrid signature schemes to provide security against standard and quantum attacks. OpenSK, written in Rust, supports FIDO U2F and FIDO2 standards.

“This open-source hardware optimized implementation uses a novel ECC/Dilithium hybrid signature schema that benefits from the security of ECC against standard attacks and Dilithium’s resilience against quantum attacks. This schema was co-developed in partnership with the ETH Zürich and won the ACNS secure cryptographic implementation workshop best paper.”

Google is unstoppable

This development follows Google’s recent announcement to support quantum-resistant encryption algorithms in Chrome 116, aimed at establishing secure symmetric keys in TLS connections. 

This move aligns with a broader strategy to adopt cryptographic algorithms capable of withstanding future quantum attacks, emphasizing the importance of early integration to facilitate a smooth transition.

1/ Google Chrome recently announced that it will use post-quantum cryptography for establishing symmetric secrets in TLS, starting in Chrome version 116.

— QANplatform (@QANplatform) August 14, 2023

Technical analysis

The search giant noted that recent standardization of quantum resilient cryptography, including the Dilithium algorithm, has paved the way to secure security keys against quantum threats. 

💡Not sure about the Dilithium algorithm?

The Dilithium algorithm aims to provide a robust and secure method for creating digital signatures that can bear the computational power of quantum computers, making it a crucial tool in developing quantum-resistant cryptography.

Similar to Chrome’s hybrid approach of combining X25519 and Kyber-768, Google’s proposed FIDO2 security key implementation merges ECDSA and Dilithium, a quantum-resistant signature algorithm that was recently standardized.

💡What is ECDSA?

Elliptic Curve Digital Signature Algorithm is a widely used cryptographic algorithm for creating digital signatures. It’s a public key cryptography technique that allows individuals to verify the authenticity of digital messages or documents and ensure their integrity.

Will it be practical in future?

This hybrid signature scheme, developed in collaboration with ETH Zürich, is a memory-efficient Rust-based implementation that requires only 20 KB of memory. This makes it suitable for running on the limited hardware of security keys.

Google expressed its hope for this implementation, or a similar version, to become standardized within the FIDO2 key specification and supported by major web browsers. This would enhance protection for users’ credentials against quantum attacks.

Plan today, secure tomorrow

Supermachines like quantum computers will surely crack the current security system. New cryptographic tools are to be designed today to have a backup plan for tomorrow’s vulnerabilities. Today! It is not just about being secure but to sustain that security for tomorrow.